For the vast majority of Americans, the chances of dying in a terrorist
attack are close to zero. There's a higher probability that you’ll die
by falling off a ladder than getting mixed up in some terrorist plot.
So why is the U.S. Department of Homeland Security constantly telling
every American to be afraid? That's a strategy that creates widespread
fear without making America any safer. U.S. homeland security efforts
should focus less on what is possible and more on what is probable.

By Benjamin FriedmanBenjamin Friedman is a doctoral candidate in political science at the Massachusetts Institute of Technology.

October 22, 2009

"All Americans Should Fear Terrorism"

That’s ridiculous. The odds of dying in a terrorist attack are minuscule. According to the U.S. Centers for Disease Control, the odds are about 1 in 88,000. The odds of dying from falling off a ladder are 1 in 10,010. Even in 2001, automobile crashes killed 15 times more Americans than terrorism. Heart disease, cancer, and strokes are the leading causes of death in the United States — not terrorism.

People overestimate risks they can picture and ignore those they cannot. Government warnings and 24-hour news networks make certain dangers, from shark attacks to terrorism, seem more prevalent than they really are. As a result, the United States squanders billions of dollars annually protecting states and locations that face no significant threat of terrorism. In 2003, Tulsa, Oklahoma, received $725,000 in port security funds. More than $4 million in 2005 federal antiterror funding will go to the Northern Mariana Islands. In 2003, Grand Forks County, North Dakota, received $1.5 million in federal funds to purchase trailers equipped to respond to nuclear attacks and more biochemical suits than it has police officers.

These small expenses add up. Federal spending on first responders grew from $616 million in 2001 to $3.4 billion in 2005, a 500 percent increase. Homeland security spending will approach $50 billion this year, not including missile defense — roughly equal to estimates of China’s defense spending. Yet pundits call for more. A 2003 Council on Foreign Relations report hyperbolically titled, Emergency Responders: Drastically Underfunded, Dangerously Unprepared, recommends increasing spending on emergency responders to $25 billion per year. To his credit, the new secretary of homeland security, Michael Chertoff, wants to trim the pork from the department’s budget. But efforts in congress to link funding with risk have failed largely because haphazard spending is consonant with the current U.S. strategy that tells all Americans to be afraid.

It’s true that al Qaeda’s attacks on Sept. 11, 2001, may be a harbinger of a more destructive future. But it is also true that parts of the war on terrorism are working. Tighter U.S. entry requirements, more aggressive European policing, the destruction of al Qaeda’s Afghan sanctuary, and refined intelligence operations have crippled al Qaeda’s ability to strike the United States. Most of al Qaeda’s original leadership is dead or in prison. Few other Islamist terrorists — even the most wanted terrorist in Iraq, Abu Musab al–Zarqawi — are as capable or organized as al Qaeda once was.

"Terrorists Can Strike Any Place, Any Time, with Any Weapon"

Unlikely. This assertion is the guiding principle of our homeland security strategy, yet it ignores probability. When the U.S. Department of Homeland Security dispenses such silly advice as, "Ensure disaster supply kit is stocked and ready," or "During a nuclear incident, it is important to avoid radioactive material, if possible," it assumes all Americans face an equal threat and creates widespread fear without making America safer. The department should focus more on what is probable and less on what is possible.

Most Americans are safe from terrorist attack. And the most likely forms of attack remain conventional. The fact is, all terrorist attempts to use chemical and biological weapons have failed to cause mass casualties. True, a successful biological weapons attack could kill hundreds of thousands of people. But manufacturing, controlling, and successfully dispersing these agents is difficult — probably too difficult for today’s terrorist groups. Synthesizing and handling chemical agents such as the deadly nerve agent VX, sarin, or mustard gas is complicated and extremely dangerous, often requiring access to sophisticated chemical laboratories. Most experts agree, for instance, that al Qaeda does not possess the technical capability necessary to produce VX. And even if terrorists procure and deploy chemical weapons, they are unlikely to kill many people. The 1995 sarin attack in Tokyo’s subway system was limited to only 12 deaths. Official U.S. government reports, including that of the Gilmore Commission, which examines domestic responses to terrorism, show that it would take one ton of chemical agent, favorable weather, and considerable time to kill thousands of people with chemical weapons.

This is to say nothing of the fact that no terrorist organization is known to possess nuclear weapons. Even for nations with the requisite monetary resources and scientific infrastructure, building a nuclear weapon can take decades. Yes, terrorists might try to buy a stolen nuclear weapon or its parts on the black market. But the chances of terrorists heisting a working nuclear weapon or assembling one from stolen parts are low. Most nuclear weapons require delivery vehicles and activation codes. Stealing all of these elements is next to impossible. Smaller, more portable tactical nuclear weapons, especially those made by the former Soviet Union, are a greater danger. Yet, according to a 2002 report by the Center for Nonproliferation Studies, most of Russia’s portable nuclear weapons are probably inoperable today. What about dirty bombs? They are relatively easy to construct, but much less destructive. Depending upon variables such as wind direction and the speed of evacuation, a dirty bomb might not be any more deadly than a conventional bomb.

A nuclear terrorist attack in the United States is possible. That possibility should be enough to produce a more active and well–funded nonproliferation policy than the United States has today, especially when it comes to vulnerable stocks of fissile materials around the world. But that policy should not include preparing all Americans for nuclear attack.

"Terrorists Will Attack Soft Targets as ‘A–List’ Targets Become More Secure"

Not necessarily. This claim is made repeatedly in the pages of the 2002 National Strategy for Homeland Security — without any supporting evidence. A look at past behavior shows that terrorists are likely to continue to attack well–defended, high–profile targets. Before hitting the World Trade Center in 2001, al Qaeda targeted the buildings in 1993. After bombing the U.S.S. Cole in a Yemeni port in 2000, al Qaeda struck a French oil tanker off the coast of Yemen in 2002. Al Qaeda targeted airlines in 1995, 1999, and 2001, and it has not stopped since. British would–be shoe bomber Richard Reid tried to blow up an airplane in December 2001. In 2002, al Qaeda terrorists fired missiles at planes in both Saudi Arabia and Kenya. In places such as Singapore and Uzbekistan, terrorist plots focused on U.S. embassies even after the 1998 embassy bombings in Kenya and Tanzania encouraged the United States to harden embassy defenses.

The idea that terrorists stealthily stalk America for weak spots implies levels of capability and cohesion that are more myth than reality. Different terrorist groups have different targets, not to mention discrepant information about where U.S. vulnerabilities lie. Some groups may be competent and organized; others are likely not. The assertion that terrorists continue to case American targets also stems from the idea that terrorists remain hidden in the United States. But FBI Director Robert Mueller told Congress in February that there is little evidence that so–called sleeper cells reside in the United States, even as he warned the U.S. Senate Select Committee on Intelligence that he remains "very concerned about what we are not seeing."

After years without a terrorist attack, perhaps Americans can take what they are not seeing seriously. The assumption that terrorists are flawless and ubiquitous results in unreasoned fear and overreaction. This ghost is worse than the reality.

"America Is Doing Far too Little to Protect Its Ports"

Hardly. More than $600 billion in goods and nearly 50 percent of U.S. imports flow through American ports each year. U.S. ports are vulnerable to both weapons smuggled into the United States in containers and U.S.S. Cole-style attacks on ships. But there is little indication such attacks are likely. Since September 11, the United States has made significant investments in port security. Federal port security grant programs have distributed about $600 million in funding to hundreds of U.S. ports. The Coast Guard’s budget has grown to $6.3 billion in the four years since Sept. 11, 2001. These efforts are enough.

The news media love to mention that U.S. Customs agents inspect only 2 to 5 percent of containers entering the United States. But the measure of success is which containers are searched, not how many. The key to protecting ports without unduly burdening commerce is using intelligence to identify risky cargo. The Container Security Initiative, instituted by U.S. Customs and Border Protection in 2002, aims to identify and inspect suspicious cargo before it sails to the United States by stationing agents in foreign ports, requiring a manifest prior to a ship’s arrival, determining the origin of containers, and developing electronic, tamper–proof container seals. This system is far from perfect. But it is superior to spending vast sums of taxpayer money to inspect every shipment. And, when one considers the cost to the U.S. economy of slowing commerce to a snail’s pace, this is one solution that is worse than the present danger. Any additional port security spending should respond to known threats, not mere vulnerability.

"Corporations Should Spend More on Security"

False. The odds of any one business in the United States being attacked by terrorists are vanishingly small. Still, leading terrorism experts such as Stephen Flynn often tout the fact that 92 percent of America’s CEOs believe terrorists will not attack their company. This, Flynn and others argue, is proof that businesses are underinvesting in security and that government regulation should force them to do more. In fact, these numbers show that businesses already spend too much.

Osama bin Laden has bragged of his ability to "bankrupt" the United States. The proper response to tactics such as these is to rationally evaluate risks while carrying on with business as usual, not to search frantically for holes to plug. Companies that deal with dangerous products, such as the chemical industry, or sports franchises that fill stadiums and create large public crowds, need to take security more seriously than others. Where the danger to society is high and companies have incentives to avoid spending more on security, the government may have to impose security standards or shift liability onto the company. But these types of situations are rare. Homeland security experts make much of the vulnerability inherent in modern economies. Manufacturing and food companies have international supply chains. Commerce relies on phone lines, power cables, and gas lines. These networks are ubiquitous and impossible to defend entirely. Because terrorists seek to frighten, attacks that produce much economic damage but little fear, such as electricity blackouts or the destruction of livestock, are unlikely. Companies whose vulnerabilities are exclusively economic have little to fear from terrorists and should not invest much in the defense against them.

"Terrorists Will Soon Mount a Crippling Cyberattack"

Nonsense. Cyberattacks are costly and annoying, but they are not a threat to U.S. national security.

Here, some historical perspective is useful. Alarmists warn that cyberterrorists could cripple American industry. Yet, even during World War II, the Allied bombing campaign against Germany failed to halt industrial production. Modern economies are much more resilient. A 2002 Center for Strategic and International Studies report, for instance, notes that just because the U.S. national infrastructure uses vulnerable communications networks does not mean that the infrastructure itself is vulnerable to attack. The U.S. power grid is run by some 3,000 providers that rely on diverse information technology systems. Terrorists would have to attack a large swath of these providers to have a significant effect. That’s a difficult task. Hackers, unlike summer heat waves and thunderstorms, have never caused a blackout. The U.S. water system is similarly robust, as is the U.S. air traffic control system. Although dams and air traffic control rely on communications networks, hacking into these networks is not the same as flooding a valley or crashing a plane.

Viruses and denial–of–service attacks are everyday occurrences, but they are not deadly. Most attacks pass unnoticed. Because terrorists aim to kill and frighten, they are unlikely to find these sorts of attacks appealing. Even if they do, they will merely join a crowd of existing teenagers and malcontents who already make cyberattacks a major business expense. The annual costs of viruses alone reportedly exceed $10 billion in the United States. A 2003 Federal Trade Commission report put the annual cost of identity theft, much of which occurs online, at more than $50 billion. Cybersecurity gurus have far more to worry about from traditional hackers than from terrorists.

"Al Qaeda Remains the Largest Threat to U.S. Homeland Security"

Wrong. The organization bin Laden continues to run from Afghanistan or Pakistan is on the ropes. Today, the main threat to the United States comes in the form of extremist entrepreneurs with only tenuous links to bin Laden and from other Sunni terrorist groups. These groups include Ansar al Islam, Egypt’s Jamaat al-Islamiyya and Egyptian Islamic Jihad, Southeast Asia’s Jemaah Islamiah, the Islamic Movement of Uzbekistan, Algeria’s Salifist Group for Preaching and War, the Moroccan Islamic Combatant Group, Zarqawi’s Tawhid and Jihad, and a host of others.

The press often blithely refers to these groups as "al Qaeda linked." But the links refer to sympathy and personal contacts that date back years, not continuous communications, planning, or operational control. These groups can be referred to as a movement, but that does not mean that they are part of a unified organization. For instance, though communications between Zarqawi and bin Laden have reportedly been intercepted, their relationship is a loose alliance, not one that involves handing down orders or sharing finances.

Most of the large terrorist attacks carried out since September 11 have had little connection to al Qaeda’s leadership. The recent attacks in Bali, Turkey, and Spain were independent operations conducted by local extremists. Consider Madrid. The press still commonly calls the commuter train bombing there on March 11, 2004, an "al Qaeda attack." But most recent evidence indicates that it was carried out by local Muslims, mostly Moroccans, who had some contacts with the Moroccan Islamic Combatant Group, but little or no connection to bin Laden or Zarqawi. The Madrid attackers planned and executed their attack without training, orders, or material assistance from other terrorist groups.

Some experts and policymakers call this collage of al Qaeda fellow travelers and wannabes a network — and treat it as some form of higher organization. But the fact that this collection of fundamentalists is the primary national security threat to the United States should be cause for celebration. These groups are dangerous, but, thankfully, they lack the geographic reach and organizational capacity that al Qaeda had in 2001.